Container agnostic decryption device and methods for use therewith

ABSTRACT

A video processing device for decrypting a compressed video signal includes a key storage device for storing at least one decryption key. An decryption processing device retrieves the at least one decryption key from the key storage device, and decrypts an encrypted elementary bit stream into at least one elementary bit stream, wherein first portions of the encrypted elementary bit stream are encrypted and second portions of the encrypted elementary bit stream are unencrypted.

CROSS-REFERENCE TO RELATED APPLICATIONS

The present U.S. Utility Patent Application claims priority pursuant to35 U.S.C. §120 as a continuation of U.S. Utility application Ser. No.13/423,981, entitled “CONTAINER AGNOSTIC DECRYPTION DEVICE AND METHODSFOR USE THEREWITH”, filed Mar. 19, 2012, which claims priority pursuantto 35 U.S.C. §119(e) to U.S. Provisional Application No. 61/596,549,entitled “CONTAINERS AGNOSTIC COMPRESSION”, filed Feb. 8, 2012, and U.S.Provisional Application No. 61/604,228, entitled “ENCRYPTION/DECRYPTIONDEVICE AND METHODS FOR USE THEREWITH,” filed Feb. 28, 2012, all of whichare hereby incorporated herein by reference in their entirety and madepart of the present U.S. Utility Patent Application for all purposes.

TECHNICAL FIELD OF THE INVENTION

The present invention relates to secure distribution and protection ofcontent such as media content.

DESCRIPTION OF RELATED ART

Currently the delivery of Encryption Video/Audio Compressed content ismanaged with a variety of container formats. Examples of such containerformats are encrypted Internet Protocol (IP) packets such as used in IPTV, Digital Transmission Content Protection (DTCP), etc. In this casethe payload of IP packets contain several transport stream (TS) packetsand the entire payload of the IP packet is encrypted. Other examples ofcontainer formats include encrypted TS streams used in Satellite/CableBroadcast, etc. In these cases the payload of TS packets containpacketized elementary stream (PES) packets. Again, the entire payload ofthe container format, i.e. the TS packet, is encrypted. Further digitalvideo discs (DVDs) and Blu-Ray Discs (BDs) utilize PES streams where thepayload of each PES packet is encrypted. Note that PES packets are largepackets which encapsulate an Elementary Stream (ES) which comprisessmall structures such as slices, macro blocks, and motion vectors forvideo and compressed pulse code modulation (PCM) samples for audio.

The processing of encrypted container streams must be performed atvarious stages of video distribution. Certain operations such as trickmode video operations are not able to operate on encrypted contentbecause the framing information, such as the group of pictures (GOP)structure, is not available in the encrypted state. This implies that inorder to perform trick mode operations such as fast forward, rewind,etc., the encrypted content must be decrypted and must reside in memory.This problem is particularly obstructive for DVD and Blu-Ray discs wherecontent has to be decrypted to perform trick mode features. Certainoperations such as storage of content to a Hard Disk (as in a PVRsystem) are also hampered because it is not possible to determineboundaries associated within the encrypted content on the Hard Diskwithout decrypting the content. This often involves extra work todecrypt content, parse clear content and record index files withpointers into the containers on disk. In addition, other operations suchas splicing of two streams are hampered because it is not possible todetermine boundaries associated within the encrypted content. Thisrequires that both streams be decrypted in order to perform correctsplicing.

The process of decrypting compressed content at the container level isan expensive process which involves multiple transfers to/from memorywhich requires additional memory buffers and consumes bandwidth. Thisintroduces a security risk because clear compressed content resides inmemory for a period of time. There are various attacks where hackersattempt to read and export the compressed content, particularly in lowend software only solutions where third party software operates in thesame memory space that stores the content to be protected. This processcan require additional H/W resources such as separate compression andencryption blocks. These are typically implemented as completelyseparate blocks which operate asynchronously requiring separate datapaths and control interfaces.

The process of decrypting compressed content also inserts latencybecause it requires additional time and overhead to manipulate thecontent between the various stages of compress/encrypt anddecrypt/decode. This can force the system to operate on large blocks ofdata (i.e. large containers) which are generally not aligned to thenative video/audio boundaries.

The limitations and disadvantages of conventional and traditionalapproaches will become apparent to one of ordinary skill in the artthrough comparison of such systems with the present invention.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

FIG. 1 presents a schematic block diagram representation of a videoprocessing device 125 in accordance with an embodiment of the presentinvention.

FIG. 2 presents a schematic block diagram representation of anelementary and encrypted elementary bit streams in accordance with anembodiment of the present invention.

FIG. 3 presents a schematic block diagram representation of anelementary and encrypted elementary bit streams in accordance with anembodiment of the present invention.

FIG. 4 presents a schematic block diagram representation of anencryption processing device 124 in accordance with an embodiment of thepresent invention.

FIGS. 5-7 present schematic block diagram representations of elementaryand encrypted elementary bit streams in accordance with an embodiment ofthe present invention.

FIGS. 8 and 9 present flowchart representations of encryption algorithmsin accordance with an embodiment of the present invention.

FIG. 10 presents a schematic block diagram representation of a videoprocessing device 125′ in accordance with an embodiment of the presentinvention.

FIG. 11 presents a block diagram representation of encapsulation ofencrypted elementary bit streams 102 in accordance with an embodiment ofthe present invention.

FIG. 12 presents a schematic block diagram representation of a videoprocessing device 125″ in accordance with an embodiment of the presentinvention.

FIGS. 13-15 present a block diagram representation of encryptedcontainer formats in accordance with an embodiment of the presentinvention.

FIG. 16 presents a schematic block diagram representation of a videoprocessing device 125′ in accordance with an embodiment of the presentinvention.

FIG. 17 presents a schematic block diagram representation of a videoprocessing device 127 in accordance with an embodiment of the presentinvention.

FIG. 18 presents a schematic block diagram representation of a videoprocessing device 225 in accordance with an embodiment of the presentinvention.

FIG. 19 presents a schematic block diagram representation of adecryption processing device 224 in accordance with an embodiment of thepresent invention.

FIGS. 20-22 present schematic block diagram representations ofelementary and encrypted elementary bit streams in accordance with anembodiment of the present invention.

FIG. 23 presents a schematic block diagram representation of a videoprocessing device 225′ in accordance with an embodiment of the presentinvention.

FIG. 24 presents a schematic block diagram representation of a videoprocessing device 225″ in accordance with an embodiment of the presentinvention.

FIG. 25 presents a schematic block diagram representation of a videoprocessing device 225′ in accordance with an embodiment of the presentinvention.

FIG. 26 presents a schematic block diagram representation of a videoprocessing device 227 in accordance with an embodiment of the presentinvention.

FIG. 27 presents a schematic block diagram representation of a videoprocessing device 227′ in accordance with an embodiment of the presentinvention.

FIG. 28 presents a schematic block diagram representation of a videoprocessing device 227″ in accordance with an embodiment of the presentinvention.

FIG. 29 presents a schematic block diagram representation of a videoprocessing device 229 in accordance with an embodiment of the presentinvention.

FIG. 30 presents a flowchart representation of a method in accordancewith an embodiment of the present invention.

FIG. 31 presents a flowchart representation of a method in accordancewith an embodiment of the present invention.

FIG. 32 presents a flowchart representation of a method in accordancewith an embodiment of the present invention.

FIG. 33 presents a flowchart representation of a method in accordancewith an embodiment of the present invention.

FIG. 34 presents a flowchart representation of a method in accordancewith an embodiment of the present invention.

FIG. 35 presents a schematic block diagram representation of a videoprocessing device in accordance with an embodiment of the presentinvention.

FIG. 36 presents a schematic block diagram representation of a videoprocessing device in accordance with an embodiment of the presentinvention.

FIG. 37 presents a flowchart representation of a method in accordancewith an embodiment of the present invention.

FIG. 38 presents a flowchart representation of a method in accordancewith an embodiment of the present invention.

DETAILED DESCRIPTION OF THE INVENTION INCLUDING THE PRESENTLY PREFERREDEMBODIMENTS

FIG. 1 presents a schematic block diagram representation of a videoprocessing device 125 in accordance with an embodiment of the presentinvention. In this embodiment, instead of encrypting video data at thecontainer level, the encryption operation operates at the ES level. Inparticular, video processing device 125 includes an interface device 120that receives elementary bit streams 100 from an encoder that includescompressed video and/or audio streams. A key storage device 126 storesone or more encryption keys. In an embodiment of the present invention,key storage device 126 is implemented via be a memory device that may beseparate from or included within memory module 122. Such a memory devicecan include a hard disk drive or other disk drive, read-only memory,random access memory, volatile memory, non-volatile memory, staticmemory, dynamic memory, flash memory, cache memory, and/or any devicethat stores digital information. In an embodiment of the presentinvention, the existing conditional access/digital rights management maybe used to perform a key exchange and rights management to populateand/or share the keys from key storage device 126. In particular,audio/video content can be encrypted at the ES level using the same keyor keys which would traditionally be used at the (IP/TS/PES) containerlevel, however different keys can also be employed, particularly inembodiments discussed later in conjunction with transcryption.

The encryption processing device 124 retrieves the encryption key orkeys from the key storage device 126 and directly encrypts theelementary bit streams 100 into encrypted elementary bit streams 102. Inpertinent part, portions of the audio and video elementary bit streamsare encrypted and other portions, such as header and control data areleft unencrypted to facilitate the processing of the encryptedelementary bit streams 102, while still encrypted. For example, theencryption processing device 124 can encrypt the elementary streams 100without encrypting framing data associated with the compressed videosignal. This allows some operations, such as disc seek operations, trickplay features, PVR functions, etc., to be performed without decryptingthe stream.

The encrypted elementary stream 102 is a container-agnostic encryptionformat that allows the audio and video content to be carried in anycontainer (IP/TS/PES) without having to perform encryption at thecontainer level. In this fashion, the encryption processing device 124encrypts the elementary streams 100 without encrypting formatting dataassociated with container formats that may be employed to carry thecompressed video signal.

In an embodiment of the present invention, the encryption processingdevice 124 can be implemented using a single processing device or aplurality of processing devices. Such a processing device may be amicroprocessor, co-processors, a micro-controller, digital signalprocessor, microcomputer, central processing unit, field programmablegate array, programmable logic device, state machine, logic circuitry,analog circuitry, digital circuitry, and/or any device that manipulatessignals (analog and/or digital) based on operational instructions thatare stored in a memory, such as memory module 122. Memory module 122 maybe a single memory device or a plurality of memory devices. Such amemory device can include a hard disk drive or other disk drive,read-only memory, random access memory, volatile memory, non-volatilememory, static memory, dynamic memory, flash memory, cache memory,and/or any device that stores digital information. Note that when theprocessing module implements one or more of its functions via a statemachine, analog circuitry, digital circuitry, and/or logic circuitry,the memory storing the corresponding operational instructions may beembedded within, or external to, the circuitry comprising the statemachine, analog circuitry, digital circuitry, and/or logic circuitry.While a particular bus architecture is shown that employs a single bus130, alternative architectures using direct connectivity between one ormore modules and/or additional buses can likewise be implemented inaccordance with the present invention.

The video processing device 125 can be implemented in conjunction with avideo encoder, transcoder or decoder that produces the elementary bitstreams 100. In this fashion, the video processing device 125 can embedthe encryption operations within an encoder, transcoder or decoder whichoperates at the ES level. Further details, including optionalimplementations and additional functions and features are described inconjunction with FIGS. 2-17 that follow.

FIG. 2 presents a schematic block diagram representation of anelementary and encrypted elementary bit streams in accordance with anembodiment of the present invention. In particular, an elementary bitstream 110 is shown that carries a compressed video bit stream 20 in thepayload. As shown, portions of the video bit stream 20 are separated byan initial start code sequence 10 such as (0x00, 0x00, 0x01, 0xTT) orother start code sequence and the next start code sequence 12. Theencrypted elementary bit stream 112 is formed from the same start codesequences 10 and 12, but by encrypting the bit stream 20 into encryptedbit stream 22.

The video bit stream 20 includes encoded information pertaining to theMacro Blocks, Motion Vectors, Quantization Matrices, etc., of the framesand fields of the video signal. This portion is encrypted to protect thecontent of the video signal, but leaves framing informationun-encrypted. In this fashion, the framing information for all layers ofvideo distribution (i.e. all IP, TS, PES containers) would be leftun-encrypted and only portions of the lowest level Elementary Stream(ES) would be encrypted. In this scenario the encrypted Video contentwould be un-usable but all the structural information involving framingand timing would be available so that the stream may be manipulatedwhile in the encrypted state.

There are several options as to which level or which portion of the ESbit stream to encrypt. It may be sufficient to only encrypt ES videosequences within I-frames as these are critical for decoding of P and Bframes and if the I-frame is corrupted then the rest of the video framewill not decode properly. This would reduce the performance requirementsbecause fewer bit sequences would have to be encrypted but it wouldrequire parsing of the video to detect I-frames. Another logical pointto apply ES encryption for video would be at the slice level only asthis is a conveniently identifiable sequence within the bit stream.

FIG. 3 presents a schematic block diagram representation of anelementary and encrypted elementary bit streams in accordance with anembodiment of the present invention. In particular, an elementary bitstream 114 is shown that carries a compressed audio bit stream 24representing compressed PCM samples in the payload. As shown, portionsof the audio bit stream 24 are separated by start fields such as header25 and length 27. The encrypted elementary bit stream 116 is formed fromthe same start fields but by encrypting the bit stream 24 into encryptedbit stream 26.

For Audio, the encryption functions operate on the compressed audio PCMsamples but leave all framing information un-encrypted. In this way theframing information for all layers of audio distribution (i.e. all IP,TS, PES containers) would be left un-encrypted and only portions of thelowest level Elementary Stream (ES) would be encrypted. In this scenariothe encrypted Audio content would be un-usable but all the structuralinformation involving framing and timing would be available so that thestream may be manipulated while in the encrypted state.

FIG. 4 presents a schematic block diagram representation of anencryption processing device 124 in accordance with an embodiment of thepresent invention. In particular, the encryption processing device 124includes an elementary stream parser 150 that identifies a first startcode sequence and a second start code sequence in the elementary bitstreams 100 and further that identifies a group of bits 152 between thefirst start code sequence and the second start code sequence, whereinthe second start code sequence, such as next start code sequence 12, isthe next start code sequence after a start code sequence 10, in atemporal ordering of an elementary bit stream. A bit stream segmenter154 segments the group of bits 152 into one or more blocks 156. Theencryption module 158 encrypts blocks 156 into encrypted blocks 162,based on the encryption key or keys 160. The output formatter 164generates the encrypted elementary bit stream or streams 102 from theencrypted blocks 162 by adding the headers, start code sequences, orother formatting to the stream.

The operation of encryption processing device 124 can be described inconjunction with the examples presented in FIGS. 5-7.

FIGS. 5-7 present a schematic block diagram representations ofelementary and encrypted elementary bit streams in accordance with anembodiment of the present invention. In particular, these examples arepresented in conjunction with a video elementary bit stream such aselementary bit stream 110. Such a video ES can present a challengebecause the payload portion that includes video bit stream 20 canconsist of a series of bits of undeterminant length, bracketed only bystart code sequences such as (0x00,0x00,0x01,0xTT) where: 0xTT is an 8bit start code value; the start code sequences must always occur on 8bit boundaries−which implies that bit sequences+padding also ocupyintegral 8 bit boundaries; the 0x00,0x00,0x01,0xTT sequence may neverappear within the bit sequence.

The output of the elementary stream parser 150 is a group of bits 152that falls between sucessive start code sequences. This group of bits152 is segmented by bit stream segmenter 154 into blocks 156. In theexample presented in conjunction with FIG. 5, the group of bits 152 is128 bit aligned can be segmented into a plurality of blocks 156 that areeach 128 bits long. The encryption module 158 operates on each of theresulting blocks 156 via a base encryption algorithm, labeled“Encrypt-1”, such as an Advanced Encryption Standard (AES) encryptionalgorithm and more particularly, an electronic code book (ECB) as setforth in Federal Information Processing Standard (FIPS) 197-2001 or viaanother encryption algorithm.

In the case presented in conjunction with FIG. 6, the group of bits 152is not 128 bit aligned but is longer than 128 bits. The bit streamsegmenter 154 generates a plurality of blocks 156 that includes one ormore standard blocks of standard length and a remainder block that isless than the standard length. In particular, the blocks 156 includeseveral blocks of length 128 and a remainder block 156 that is less than128 bits long. The encryption module 158 operates in a first encryptionmode for the standard block and in a second encryption mode for theremainder block with the residual bits. In particular, the encryptionmodule 158 encrypts the 128 bit blocks via the base encryptionalgorithm, and employs a second algorithm, labeled, “Encrypt-2” for theremainder block.

In the example presented in conjunction with FIG. 7, the group of bits152 has fewer bits than the standard block size, i.e. a 128 bit blockand is encrypted using algorithm Encrypt-2.

In each of the examples presented above, the group of bits 152 areencrypted without altering the start code sequence(s) which are leftun-encrypted, but also encrypted in order to enforce the constraint thata start code sequence may not occur within the encrypted bit stream.This avoids inserting a false start code sequences that would bedetected as a coding error when the elementary stream is processed, suchas during decryption.

It should be noted that the above examples present one possiblesegmentation procedure for the group of bits 152. Other segmentationsincluding the use of other block sizes could be employed. In addition,additional bit padding can be employed in bit stream segmenter 154 toforce uniform block sizes in other implementations. Further details ofan optional implementation of two encryption algorithms is presented inconjunction with FIGS. 8-9 that follow.

FIGS. 8 and 9 present flowchart representations of encryption algorithmsin accordance with an embodiment of the present invention. Inparticular, an example of the Encrypt -1 algorithm is presented in FIG.8. The encryption module 158 performs a test on the encrypted blocks 162for an occurrence of a false start sequence, and iteratively encryptsthe block 156 again using the same encryption keys 160, re-encryptingthe encrypted blocks 162 iteratively until the encrypted blocks do notcontain the false start sequence.

In step 40, the blocks 156 are encrypted via an encryption algorithmsuch as AES-ECB into encrypted blocks 162. In decision block 42, theEncrypt-1 algorithm tests the encrypted blocks 162 to detect thepresence of a start code sequence or partial start code sequence. Thetest involves checking if the 0x00,0x00,0x01 sequence is detectedanywhere in the 128 bit block or if the last bytes of the block form a0x00,0x00,0x01 or 0x00,0x00 or a 0x00 sequence (i.e. if the last bitscould be part of a start code sequence which spans 128 bit boundaries).If the start sequence is not detected, the algorithm proceeds to step 44where the encrypted blocks 162 are accepted. If the sequence is detectedthen the encryption in step 40 is repeated (up to n times) until thesequence is not detected. In the simplest case the AES-ECB Encryption isperformed only once.

In accordance with the example presented above, the probability that theencrypted blocks 162 are not accepted after n iterations can be foundbased on the following. There are 13 possible positions of the0x00,0x00,0x01,0xTT start code sequence in the encrypted 128 bit blockas set forth below:

-   -   (1) 0x00,0x00,0x01,0xTT,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,        0xXX,0xXX,0xXX,0xXX    -   (2) 0xXX,0x00,0x00,0x01,0xTT,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,        0xXX,0xXX,0xXX,0xXX    -   (3) 0xXX,0xXX,0x00,0x00,0x01,0xTT,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,        0xXX,0xXX,0xXX,0xXX    -   (4) 0xXX,0xXX,0xXX,0x00,0x00,0x01,0xTT,0xXX,0xXX,0xXX,0xXX,0xXX,        0xXX,0xXX,0xXX,0xXX    -   (5) 0xXX,0xXX,0xXX,0xXX,0x00,0x00,0x01,0xTT,0xXX,0xXX,0xXX,0xXX,        0xXX,0xXX,0xXX,0xXX    -   (6) 0xXX,0xXX,0xXX,0xXX,0xXX,0x00,0x00,0x01,0xTT,0xXX,0xXX,0xXX,        0xXX,0xXX,0xXX,0xXX    -   (7) 0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0x00,0x00,0x01,0xTT,0xXX,0xXX,        0xXX,0xXX,0xXX,0xXX    -   (8) 0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0x00,0x00,0x01,0xTT,0xXX,    -   (9) 0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0x00,0x00,0x01,0xTT,        0xXX,0xXX,0xXX,0xXX    -   (10) 0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0x00,0x00,        0x01,0xTT,0xXX,0xXX,0xXX    -   (11) 0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0x00,0x00        0x01,0xTT,0xXX,0xXX    -   (12) 0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,        0xXX,0x00,0x00,0x01,0xTT,0xXX    -   (13) 0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,        0xXX,0x00,0x00,0x01,0xTT

Of the 13 possible cases, the probability that one of these cases occursis P1=P2=. . . P13=2¹⁰⁴/2¹²⁸=1/(2²⁴)

In addition, there are 3 additional cases, labeled (14)-(16) below,where the start code sequence may span the 128 bit block boundary intothe next 128 bit block:

-   -   (14) 0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,        0xXX,0xXX,0x00,0x00,0x01    -   (15) 0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,        0xXX,0xXX,0xXX,0x00,0x00    -   (16) 0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,0xXX,        0xXX,0xXX,0xXX,0xXX,0x00

The probabilities associated with these cases are

P14=2¹⁰⁴/2¹²⁸=1/(2²⁴)

P15=2¹¹²/2¹²⁸=1/(2¹⁶)

P16=2¹²⁰/2¹²⁸=1/(2⁸)

The probability that a complete or partial start code sequence resultsfrom an AES operation after each iteration is less than:

$\begin{matrix}{P_{{reject}\; 1} = {{P\; 1} + {P\; 2} + \ldots + {P\; 13} + {P\; 14} + {P\; 15} + {P\; 16}}} \\{= {{141/( 2^{24} )} + {1/( 2^{16} )} + {1/( 2^{8} )}}} \\{= 0.00392234325408935546875}\end{matrix}$

If the test detects a Start Code sequence then the encryption isrepeated up to n times, the probability that the start code sequence isdetected after all n encryption iterations is

P_(rejectn)=(P_(rejectl))^(n)

The probability of this form of error can be made arbitrarily smallbased on the choice of n. Choosing, for example, n=16,

P_(rejectn)=3.1385536375458315846065254145104e-39

This is a negligibly small probability which would result in anacceptable error rate. For example, considering a 20 Mbps ES encryptedvideo steam using this method, the probability of an incorrect startcode sequence occurring in the encrypted ES stream equates to

=5.1422062797550904682193312391338e-34 Errors per Second

=61,623,525,175,925,398,906,357,975 Years per Error

If the test is bounded to 16 iterations, it is guaranteed to complete ina bounded time. In the decryption operation, a similar test is performedwith the knowledge that a complete or partial start code sequence mustnever occur in the un-encrypted ES stream. The decryption is repeated upto n times and if a start code sequence is detected then the decryptionis repeated until no start code sequence is detected. This operates toreverse the iterative encryption process. For example, if the encryptionprocess takes i iterations to find an acceptable set of encrypted blocks162, the decryption algorithm will likewise need to perform i decryptioniterations to return to the original unencrypted data.

An example of the Encrypt-2 algorithm is presented in FIG. 9. In step46, the Encrypt-2 algorithm uses no encryption but just copies the smallblock (i.e. small residual blocks are copied). It should be noted thatother embodiments, other encryption or scrambling could be employed onremainder/residual blocks.

While the examples of FIGS. 5-9 have focused on elementary videostreams, similar methodologies can be employed for audio ES encryption.In paticular, the bit stream payload 24 of elementary bit stream 114 canbe segmented into 128-bit blocks and classified into three cases similarto video ES encryption described above, one encryptional mode can beemployed for encrypting complete 128 bit blocks and another encryptionmode can be employed for encrypting smaller blocks or remainder/residualblocks of less than 128 bits. The encryption algorithms used in thesetwo modes can be the same algorithms employed with encrypting videoelementary streams or different algorithms.

It should be noted for both audio and video, the AES-ECB algorithm canbe used rather than the typical AES-CBC and the small block processingis simplified compared to the typical Cipher Block Stealing used in manystandards. This is done intentionally to preserve a property of Videoand Audio encoding where great effort has been involved to support errorconcealment i.e. simple coding errors are often undetectable in videoand audio decode. If an AES-CBC style algorithm were used then singlebit errors would propagate and affect large portions of the video andaudio which is undesirable. The simple small block processing similarlyis intentionally not chained to prior blocks as would be the case incipher text stealing algorithms. In some cases however, a higher levelof security may be desirable. In these cases a two stage encryption (asfollows) is recommended.

For ES Encryption, one technique to increase security is to use twostages of AES-128 in series with different keys in place of theEncrypt-1 and Decrypt-1 algorithms described above. In this way thecryptographic strength may be increased to 256 without increasing thewidth of the data operated on (i.e. the data is still 128 bits) topreserve the error concealment property. Note that two keys used for thetwo stages of AES encryption and decryption should be different valuesto maximize security but they could be the same value. In the same keyvalue case the security level of the algorithm would be increased butbackwards compatibility to existing CA and DRM systems which deliver 128bit keys can be preserved. Alternate approaches using some othersymmetrical cipher (like DES, 3DES, etc . . . ) or other symmetricalgorithm could also be employed to increase the level of security.

FIG. 10 presents a schematic block diagram representation of a videoprocessing device 125′ in accordance with an embodiment of the presentinvention. In particular, a further embodiment of video processingdevice 125 is presented that includes several common functions andfeatures that are referred to by common reference numerals. In thisembodiment, the interface device 120′ includes an interface module thatencapsulates the encrypted elementary bit streams 102 in a containerformat such as PES, TS and/or IP for storage or transport. The operationof an example interface module is presented in conjunction with FIG. 11that follows.

FIG. 11 presents a block diagram representation of encapsulation ofencrypted elementary bit streams 102 in accordance with an embodiment ofthe present invention. As shown, the encrypted elementary bit streamscan be encapsulated into the PES payload of packetized elementary stream104 by adding a start code prefix, stream identifier (ID) length field,as well as optional stuffing bits, PES headers, error detection orcorrection codes and other control data.

As shown, the PES 104 can be optionally encapsulated further into the TSpayload of transport stream 106 by adding a sync byte such as 0×47, atransport error indicator (TEI), a payload unit start indicator (PUSI),a transport priority (TP), a packet identifier (PID), a scramblingcontrol field (SC), an adaptation field exist (AF), a continuity counter(CC), an adaptation field, and/or other header error detection orcorrection codes and/or other control data. In addition, the TS 106 canoptionally be encapsulated further into the IP payload of IP packets 108by adding an IP header and cyclic redundancy check (CRC) fields.

As previously discussed, in contrast to prior art systems that encryptthe entire IP payload, TS payload or PES payload, the encryptedelementary bit stream 102 is directly encrypted. The framing informationfor all layers of audio/video distribution (i.e. all IP, TS, PEScontainers) can be left un-encrypted and only portions of the lowestlevel ES 100 are encrypted. Although ES encryption is used, the higherlevel containers will generally still be used (i.e. IP, TS, PES). Inthis case it can be useful to signal that the container carries ESencryption streams. Currently the TS and PES allocate 2 bits to signalthe scrambling state i.e. 00=un-encrypted, 10=even encryption, 01=oddencryption and 11=invalid. The invalid state of 11 can be used to signalthat the (TS/PES) container carries ES encrypted content. In this way adecoder could recognize that the A/V bit stream has been ES encrypted.It can also be useful to allocate unused bits in the TS and PES headersto signal the polarity for the encryption in cases where key cycling isdesired. Unused bits in the TS container such as the Transport Prioritybit or unused bits in the adaptation field may be used for TS. Unusedbits in the PES container such as the PES priority bit in the PES headermay be used. A single bit could be used to indicate the even or oddcycle of encryption. In this way existing CA and DRM systems can be usedto manage rights and keys but the containers would carry ES encryptionbit streams.

FIG. 12 presents a schematic block diagram representation of a videoprocessing device 125″ in accordance with an embodiment of the presentinvention. In particular, a further embodiment of video processingdevice 125 is presented that includes several common functions andfeatures that are referred to by common reference numerals. In thisembodiment, the interface device 120″ includes an interface module thatreceives a compressed video signal in an encrypted container format suchas PES, TS or IP or other container format. The interface module ofinterface device 120″ de-encapsulates and decrypts the compressed videosignal to produce the elementary bit stream 100 to be processed aspreviously described. In this fashion, processing device 125″ canreceive video signals produced by legacy devices that operate withconventional encrypted container formats.

It should be noted that video processing devices 125″ operates totranscrypt an encrypted container format to an encrypted elementary bitstream. For example, such a transcrypt device can receive encryptedcontent in one of the standard container formats (IP/TS/PES) which isprotected by a conditional access (CA) or digital rights management(DRM). It can decrypt the protected content in its original containerformat then re-encrypt the content in encrypted ES format. The ESencrypted content may then be stored locally to a hard drive, used in atrick mode operation or transmitted to devices capable of decrypting theES encrypted content. As will be discussed in conjunction with FIG. 24,the converse is also possible. ES encrypted content may be decrypted andthen re-encrypted into encrypted IP/TS/PES containers. As will bediscussed in conjunction with FIG. 27, another option is to transcryptES encrypted content into ES encrypted content using a different or samekey (perhaps operating on the ES content).

FIGS. 13-15 present a block diagram representation of encryptedcontainer formats in accordance with an embodiment of the presentinvention. In particular, FIG. 13 presents a packetized elementarystream with encrypted payload 142, FIG. 14 presents a transport streamwith encrypted payload 140, and FIG. 15 presents IP packets withencrypted payload 144. In operation, the interface module 120″ extractsthe encrypted payload from the container format and decrypts theencrypted payload. When multiple container formats are employed,multiple steps of de-encapsulation are required to extract theelementary bit stream 100.

FIG. 16 presents a schematic block diagram representation of a videoprocessing device 125′″ in accordance with an embodiment of the presentinvention. In particular, a further embodiment of video processingdevice 125 is presented that includes several common functions andfeatures that are referred to by common reference numerals. In thisembodiment, the interface device 120′ includes a first interface moduleas described in conjunction with FIG. 12 that receives a compressedvideo signal in an encrypted container format such as PES, TS or IP orother container format. This interface module of interface device 120″de-encapsulates and decrypts the compressed video signal to produce theelementary bit stream 100 to be processed as previously described. Inthis fashion, processing device 125″ can receive video signals producedby legacy devices that operate with conventional encrypted containerformats.

In this embodiment, the interface device 120′ further includes a secondinterface module as described in conjunction with FIG. 10 thatencapsulates or re-encapsulates the encrypted elementary bit streams 102in a container format such as PES, TS and/or IP for storage ortransport. It should be noted that the input and output containerformats may be the same format or different format, depending on theimplementation.

FIG. 17 presents a schematic block diagram representation of a videoprocessing device 127 in accordance with an embodiment of the presentinvention. In particular, a further embodiment of video processingdevice 125 is presented that includes several common functions andfeatures that are referred to by common reference numerals. In addition,the video processing device 127 includes an encoder/transcoder 128 forfurther encoding or transcoding the video signal 98 from an uncompressedaudio/video format to produce elementary bit streams 100 in a compressedaudio/video format or from one compressed audio/video format to produceelementary bit streams 100 in another compressed audio/video format.

In an embodiment of the present invention, the video processing device127 embeds the encryption operation within the encoder, transcoder ordecoder that operates at the ES level. The video processing deviceproduces a container-agnostic encryption format in that the A/V contentis encrypted at the ES level and may be carried in any container(IP/TS/PES) without having to perform encryption at the container level.For example, the video processing device 127 can receive a video signal98 in the form of clear un-compressed content formatter as YUV/PCM. Theencoder/transcoder 128 receives the un-compressed content, compressesthe content into elementary bit streams 100 in selected compressed audioand video formats, and then automatically encrypts these ES into anencrypted elementary bits streams 102. Further, as part of this singleatomic operation, the video processing device 127 can write theencrypted elementary bits streams 102 to memory module 122 to protectthe integrity of the content while stored.

FIG. 18 presents a schematic block diagram representation of a videoprocessing device 225 in accordance with an embodiment of the presentinvention. In particular, video processing device 225 operatessimilarly, but in a reciprocal fashion to video processing device 125.Video processing device 225 includes a key storage device 226, similarto key storage device 126, for storing at least one decryption key.Decryption processing device 224 retrieves the at least one decryptionkey from the key storage device and decrypts the at least one encryptedelementary bit stream into at least one elementary bit stream 200. Inparticular, first portions of the at least one encrypted elementary bitstream are encrypted and second portions of the at least one encryptedelementary bit stream are unencrypted. It should be noted, that withoutcorruption or loss in coding, transcoding or transport, elementary bitstreams 200 should be equivalent to the elementary bit streams 100.

In an embodiment of the present invention, the decryption processingdevice 224 can be implemented using a single processing device or aplurality of processing devices. Such a processing device may be amicroprocessor, co-processors, a micro-controller, digital signalprocessor, microcomputer, central processing unit, field programmablegate array, programmable logic device, state machine, logic circuitry,analog circuitry, digital circuitry, and/or any device that manipulatessignals (analog and/or digital) based on operational instructions thatare stored in a memory, such as memory module 222. Memory module 222 maybe a single memory device or a plurality of memory devices. Such amemory device can include a hard disk drive or other disk drive,read-only memory, random access memory, volatile memory, non-volatilememory, static memory, dynamic memory, flash memory, cache memory,and/or any device that stores digital information. Note that when theprocessing module implements one or more of its functions via a statemachine, analog circuitry, digital circuitry, and/or logic circuitry,the memory storing the corresponding operational instructions may beembedded within, or external to, the circuitry comprising the statemachine, analog circuitry, digital circuitry, and/or logic circuitry.While a particular bus architecture is shown that employs a single bus230, alternative architectures using direct connectivity between one ormore modules and/or additional buses can likewise be implemented inaccordance with the present invention.

The video processing device 225 can be implemented in conjunction with avideo decoder or transcoder that produces the elementary bit streams200. In this fashion, the video processing device 225 can embed thedecryption operations within a decoder, transcoder or encoder whichoperates at the ES level. Further details, including optionalimplementations and additional functions and features are described inconjunction with FIGS. 19-34 that follow.

FIG. 19 presents a schematic block diagram representation of adecryption processing device 224 in accordance with an embodiment of thepresent invention. In particular, the decryption processing device 224includes an elementary stream parser 250 that identifies a first startcode sequence and a second start code sequence in the encryptedelementary bit streams 102 and further that identifies a group of bits252 between the first start code sequence and the second start codesequence, wherein the second start code sequence, is the next start codesequence after the first start code sequence, in a temporal ordering ofthe encrypted elementary bit stream. A bit stream segmenter 254 segmentsthe group of bits 252 into one or more blocks 256. The decryption module258 encrypts blocks 256 into decrypted blocks 262, based on thedecryption key or keys 260. The output formatter 264 generates theelementary bit stream or streams 100 from the decrypted blocks 262 byadding the headers, start code sequences, or other formatting to thestream.

The operation of encryption processing device 124 can be described inconjunction with the examples presented in FIGS. 20-22.

FIGS. 20-22 present schematic block diagram representations ofelementary and encrypted elementary bit streams in accordance with anembodiment of the present invention. In particular, these examples arepresented in conjunction with a video elementary bit stream such aselementary bit stream 110. As previously discussed the payload portioncan consist of a series of bits of undeterminant length, bracketed onlyby start code sequences such as (0x00,0x00,0x01,0xTT) where: 0xTT is an8 bit start code value; the start code sequences must always occur on 8bit boundaries -- which implies that bit sequences+padding also ocupyintegral 8 bit boundaries; and the 0x00,0x00,0x01,0xTT sequence may nototherwise appear, 8-bit aligned within the bit sequence.

The output of the elementary stream parser 250 is a group of bits 252that falls between sucessive start code sequences. This group of bits252 is segmented by bit stream segmenter 254 into blocks 256. In theexample presented in conjunction with FIG. 20, the group of bits 252 is128 bit aligned and can be segmented into a plurality of blocks 256 thatare each 128 bits long. The decryption module 158 operates on each ofthe resulting blocks 156 via a base decryption algorithm, labeled“decrypt-1”, that performs the reciprocal operation to the baseencryption algorithm used to encrypt this block. Accordingly, thedecryption can employ an Advanced Encryption Standard (AES) decryptionalgorithm and more particularly an electronic code book (ECB) as setforth in Federal Information Processing Standard (FIPS) 197-2001.

In the case presented in conjunction with FIG. 21, the group of bits 252is not 128 bit aligned but is longer than 128 bits. The bit streamsegmenter 254 generates a plurality of blocks 256 that includes one ormore standard blocks of standard length and a remainder block that isnot equal to the standard length. In particular, the blocks 256 includeseveral blocks of length 128 and a remainder block 256 that is less than128 bits long. The decryption module 258 operates in a first encryptionmode for the standard block and in a second encryption mode for theremainder block with the residual bits. In particular, the decryptionmodule 258 decrypts the 128 bit blocks via the base decryptionalgorithm, and employs a second algorithm, labeled, “decrypt-2” for theremainder block. As discussed in conjunction with FIG. 9, the encrypt-2algorithms can be a simple pass through that leaves theresidual/remainder block unencrypted. In this case, the decrypt-2algorithm can also be a simple pass through that copies the encryptedbits in the residual block.

In the example presented in conjunction with FIG. 22 the group of bits252 has fewer bits than the standard block size, i.e. a 128 bit blockand is encrypted using algorithm decrypt-2. It should be noted that theabove examples present one possible segmentation procedure for the groupof bits 252. Other segmentations including the use of other block sizescould be employed—depending on the operation of bit stream segmenter154.

FIG. 23 presents a schematic block diagram representation of a videoprocessing device 225′ in accordance with an embodiment of the presentinvention. In particular, a further embodiment of video processingdevice 225 is presented that includes several common functions andfeatures that are referred to by common reference numerals. In thisembodiment, the interface device 220′ includes an interface module thatde-encapsulates the encrypted elementary bit streams 102 from acontainer format such as PES, TS and/or IP.

FIG. 24 presents a schematic block diagram representation of a videoprocessing device 225″ in accordance with an embodiment of the presentinvention. In particular, a further embodiment of video processingdevice 225 is presented that includes several common functions andfeatures that are referred to by common reference numerals. In thisembodiment, the interface device 220″ includes an interface module thatgenerates a compressed video signal in an encrypted container formatsuch as PES, TS or IP or other container format. The interface module ofinterface device 120″ encrypts and encapsulates the elementary bitstream 200 after decryption for storage or transport. In this fashion,processing device 225″ can produce video signals compatible with legacydevices that operate with conventional encrypted container formats.

FIG. 25 presents a schematic block diagram representation of a videoprocessing device 225″' in accordance with an embodiment of the presentinvention. In particular, a further embodiment of video processingdevice 225 is presented that includes several common functions andfeatures that are referred to by common reference numerals. In thisembodiment, the interface device 120′ includes a first interface moduleas described in conjunction with FIG. 23 that receives encryptedelementary streams 102 in a container format such as PES, TS or IP orother container format. This interface module of interface device 120″de-encapsulates the compressed video signal for decryption to producethe elementary bit stream 200.

In this embodiment, the interface device 120′ further includes a secondinterface module as described in conjunction with FIG. 10 thatencapsulates or re-encapsulates and encrypts the elementary bit streams200 in an encrypted container format such as PES, TS and/or IP forstorage or transport. It should be noted that the input and outputcontainer formats may be the same format or different format, dependingon the implementation.

It should be noted that video processing devices 125′ and 225′″ operateto transcrypt an encrypted container format to and from an encryptedelementary bit stream. For example, such a transcript device can receiveencrypted content in one of the standard container formats (IP/TS/PES)which is protected by a conditional access (CA) or digital rightsmanagement (DRM). It will decrypt the protected content in its originalcontainer format then re-encrypt the content in ES format. The ESencrypted content may then be stored locally to a Hard Drive, used in aTrick Mode operation or transmitted to devices capable of decrypting theES encrypted content. The converse is also possible i.e. ES encryptedcontent may be decrypted then re-encrypted into IP/TS/PES containers.Another option is to transcript ES encrypted content into ES encryptedcontent using a different or same key (perhaps operating on the EScontent).

FIG. 26 presents a schematic block diagram representation of a videoprocessing device 227 in accordance with an embodiment of the presentinvention. In particular, a further embodiment of video processingdevice 225 is presented that includes several common functions andfeatures that are referred to by common reference numerals. In addition,the video processing device 227 includes a decoder 228 for decoding theelementary bit streams 200 into an uncompressed video signal 96.

In an embodiment of the present invention, the video processing device227 embeds the decryption operation within the decoder that operates atthe ES level. For example, the video processing device 227 receives anencrypted elementary bit stream that is decrypted and decoded in asingle atomic operation to produce an uncompressed video signal 96 inthe form of clear un-compressed content formatted as YUV/PCM.

FIG. 27 presents a schematic block diagram representation of a videoprocessing device 227′ in accordance with an embodiment of the presentinvention. In particular, a further embodiment of video processingdevice 225 is presented that includes several common functions andfeatures that are referred to by common reference numerals. In addition,the video processing device 227′ includes an encryption processingdevice 124 that retrieves at least one encryption key from the keystorage device 226, and that directly encrypts the at least oneelementary bit stream into a transcrypted elementary bit stream. In thisfashion, a transcrypted elementary bit stream 204 can be produced froman encrypted elementary bit stream that is in the same elementary streamformat, but is encrypted in a different encryption format or simply witha different encryption key.

FIG. 28 presents a schematic block diagram representation of a videoprocessing device 227″ in accordance with an embodiment of the presentinvention. In particular, a further embodiment of video processingdevice 227′ is presented that includes several common functions andfeatures that are referred to by common reference numerals. In addition,the video processing device 227″ includes a transcoder 232 fortranscoding the elementary bit streams 200 into a transcoded elementarybit stream 202 in a differing audio and/or video compression format. Inoperation, the encrypted elementary bit stream is decrypted bydecryption processing device 224 into elementary bit stream 200.Transcoder 232 partially or fully decodes the elementary bit streams 200to create a transcoded elementary bit stream. Encryption processingdevice 124 produces a transcoded encrypted elementary bit streams 202from the transcoded elementary bit stream. It should be noted that thetranscoded encrypted elementary bit streams 202 can be encrypted withthe same key and encryption methodology as the encrypted elementary bitstreams 102 or optionally, can be transcrypted to a new encryptionmethodology or using one or more new encryption keys.

In an embodiment of the present invention, the video processing device227″ embeds the encryption and decryption operations within thetranscoder that operates at the ES level. For example, the videoprocessing device 227″ receives an encrypted elementary bit stream thatis decrypted, transcoded and re-encrypted in a single atomic operation.

FIG. 29 presents a schematic block diagram representation of a videoprocessing device 229 in accordance with an embodiment of the presentinvention. In particular, video processing device 229 includes videosplicer 234 that receives a plurality of encrypted elementary bitstreams (102, 103, . . .) that contain a corresponding plurality ofvideo programs. The video splicer 234 splices the plurality of encryptedelementary bit streams (102, 103, . . .) into a single combinedencrypted elementary bit stream 206 containing a combined video programthat is a concatenation of the corresponding plurality of videoprograms.

Due to the ability to view all framing information, the video splicer234 can generate a combined ES encrypted stream without having todecrypt either of the input ES encrypted streams. Note that decryptionand re-encryption may, never the less, be employed via optionalinclusion of encryption processing device 124 and decryption processingdevice 224 to transcrypt one or the encrypted elementary bit streams(102, 103, . . .) to match the encryption employed by other bit streamor streams or to transcrypt the combined encrypted elementary bit stream206 with either the same or a different key.

FIG. 30 presents a flowchart representation of a method in accordancewith an embodiment of the present invention. In particular, a method ispresented for use in conjunction with one or more functions and featuresdescribed in conjunction with FIGS. 1-29. In step 400, at least oneencryption key is retrieved from a key storage device. In step 402, theat least one elementary bit stream is directly encrypted into at leastone encrypted elementary bit stream.

In an embodiment of the present invention, step 402 operates withoutencrypting formatting data associated with at least one container formatassociated with the compressed video signal and without encryptingframing data associated with the compressed video signal. Step 402 caninclude parsing the at least one elementary bit stream parser toidentifies a first start code sequence and a second start code sequencein the at least one elementary bit stream and further to identifies agroup of bits between the first start code sequence and the second startcode sequence, wherein the second start code sequence is the next startcode sequence after the first start code sequence in a temporal orderingof the at least one elementary bit stream. The group of bits can besegmented into at least one block and the at least one block can beencrypted into at least one encrypted block based on the at least oneencryption key. The at least one encrypted elementary bit stream can begenerated from the at least one encrypted block.

Step 402 can also include testing the at least one encrypted block foran occurrence of a false start sequence. When the at least one encryptedblock includes the false start sequence, iteratively encrypting the atleast one block until the at least one encrypted block does not containthe false start sequence. The at least one block can includes at leastone standard block of standard length and a remainder block that is notequal to the standard length. In this case, step 402s can includeoperating in a first encryption mode for the at least one standard blockand a second encryption mode for the remainder block.

FIG. 31 presents a flowchart representation of a method in accordancewith an embodiment of the present invention. In particular, a method ispresented for use in conjunction with one or more functions and featuresdescribed in conjunction with FIGS. 1-30 wherein the at least oneelementary bit stream includes a plurality of elementary bit streamscontaining a corresponding plurality of video programs, and the at leastone encrypted elementary bit stream includes a plurality of encryptedelementary bit streams containing the corresponding plurality of videoprograms. In step 410, the plurality of encrypted elementary bit streamsare spliced into a single combined encrypted elementary bit streamcontaining a combined video programs that is a concatenation of thecorresponding plurality of video programs.

FIG. 32 presents a flowchart representation of a method in accordancewith an embodiment of the present invention. In particular, a method ispresented for use in conjunction with one or more functions and featuresdescribed in conjunction with FIGS. 1-31. In step 420, at least onedecryption key is retrieved from a key storage device. In step 422, atleast one encrypted elementary bit stream is decrypted into at least oneelementary bit stream, wherein first portions of the at least oneencrypted elementary bit stream are encrypted and second portions of theat least one encrypted elementary bit stream are unencrypted.

In an embodiment of the present invention, step 422 includes:identifying a first start code sequence and a second start code sequencein the at least one encrypted elementary bit stream and further thatidentifying a group of bits between the first start code sequence andthe second start code sequence, wherein the second start code sequenceis the next start code sequence after the first start code sequence in atemporal ordering of the at least one encrypted elementary bit stream;segmenting the group of bits into at least one block; decrypting the atleast one block into at least one decrypted block based on the at leastone decryption key; and generating the at least one elementary bitstream from the at least one decrypted block.

The at least one block can includes at least one standard block ofstandard length and a remainder block that is not equal to the standardlength and wherein decrypting the at least one block operates in a firstdecryption mode for the at least one standard block and a seconddecryption mode for the remainder block.

Step 422 can also include testing the at least one decrypted block foran occurrence of a false start sequence. When the at least one decryptedblock includes the false start sequence, iteratively decrypting the atleast one block until the at least one decrypted block does not containthe false start sequence.

FIG. 33 presents a flowchart representation of a method in accordancewith an embodiment of the present invention. In particular, a method ispresented for use in conjunction with one or more functions and featuresdescribed in conjunction with FIGS. 1-32. In step 430, the at least oneencrypted elementary bit stream is de-encapsulated from a containerformat.

FIG. 34 presents a flowchart representation of a method in accordancewith an embodiment of the present invention. In particular, a method ispresented for use in conjunction with one or more functions and featuresdescribed in conjunction with FIGS. 1-33. In step 440, the at least oneelementary bit stream is encapsulated and encrypted into an encryptedcontainer format.

There are many possible applications of the embodiment described inconjunction with FIGS. 1-32. Raw YUV and PCM samples can be encodedusing various A/V codec(s) and the ES is encrypted as part of the encodepipeline for distribution, transport, storage or other processing. TheA/V encrypted and encoded ES can be decrypted and decoded to raw YUV andPCM samples as part of the decode pipeline. A/V content encrypted usingone of the existing container formats (IP/TS/PES) can be decrypted thenre-encrypted using the encrypted ES format. ES encrypted A/V content canbe decrypted then re-encrypted to one of the existing container formats(IP/TS/PES). ES Encrypted A/V content can be stored on a Hard Disk tofacilitate a PVR application because header and framing information canbe accessed without having to decrypt the content. Multiple EncryptedA/V ES can be spliced seamlessly by a slicing application because timingand framing information can be accessed without having to decrypt thecontent. ES Encrypted A/V content can be stored in memory and a trickmode application is facilitated because header and framing informationcan be accessed without having to decrypt the content. ES Encrypted A/Vcontent can be stored in memory or on disk and a streaming applicationis facilitated because header, framing and timing information can beaccessed without having to decrypt the content. Also the device beingstreamed to has lower memory and processing requirements and results ina more secure end to end delivery of content. ES Encrypted A/V contentis compatible with existing CA and DRM systems in that the CA and DRMKey exchange and Rights management mechanism(s) may remain unchangedwith the key typically used to decrypt the A/V content in (IP/TS/PES)container form used to encrypt/decrypt the A/V content at the ES level.

The encrypted elementary bit streams described herein can be used inconjunction with one or more networks or other connections such as theInternet, another wide area network, broadband wireless or terrestrialnetworks such as satellite, cable, cellular, or telephone companynetworks, or other public or private networks. Any of the videoprocessing devices described herein can be employed at any point in acontent generation and deliver system from a content source, to one ormore content delivery servers or headends, cloud devices, edge devicesor other network devices, home gateways, set top boxes, and clientdevices, either fixed or mobile. More particularly, the client devicescan be set top boxes, televisions, personal computers, smart phones,internet tablets or other client devices that receive contentoriginating from a content source.

One aspect of the security improvement associated with ES encryption isthat low level operations may be performed atomically in a singledevice. In this fashion, a decoder can perform an atomicRead/Decrypt/Decode/Write to Memory operation, an encoder can perform anatomic Read/Encode/Encrypt/Write to Memory operation, a transcoder canperform a Read from Memory/Decrypt/Transcode/Encrypt/Write to Memoryoperation, etc. This addresses a fundamental security weakness in modernsecurity devices which decode, encode or transcode encrypted A/Vcontent. There are several implementations for ES encryption atomicity.One implementation employs a hardware engine that securely encrypts anelementary bit stream that is written to a shared memory. The ES data isread from the processor's cache memory and encrypted. Similarly, ahardware engine can be implemented to securely decrypt an elementary bitstream that is read from shared memory, decrypted and written into aprocessor's cache memory. These approaches would be appropriate forAudio ES decryption/encryption since this is typically performed by andaudio DSP. This would block other processors within the system fromhaving access to the decrypted ES content. A more sophisticatedmechanism would involve adding H/W mechanisms which read/writesencrypted ES content from/to a shared memory, securely perform thedecryption/encryption and passes the clear ES content to/from the H/WDecoder/Encoder/Transcoder via a shared internal buffer. This would alsoblock other processors within the system from having access to thedecrypted ES content.

Various embodiments described in conjunction with FIGS. 1-32 reducesmemory utilization and bandwidth because the contentencryption/decryption is embedded within the encode/decode codec thereis no need for additional memory buffers (i.e. reduces memoryutilization) and there are fewer read/write operation (i.e. reducedmemory bandwidth). The security risk is reduced because the clearcompressed content never resides in memory (i.e. the decryption/decodeoperations are handled atomically within the A/V Codec's). Latency canbe reduced because the content is encrypted/decrypted at the ES levelembedded within the A/V encode/decode codec's there is no need foradditional handling of the content and thus there is far less latencyand s/w overhead involved. Hardware requirements can be reduced becausethe content is encrypted/decrypted at the ES level and is embeddedwithin the A/V encode/decode codec's there is less additional hardwarerequired (i.e. there is no need for complete separateencryption/decryption components). The ES encrypted compressed contentcan be parsed and used directly in a trick mode application because allthe framing information is available. The ES encrypted compressedcontent may be securely stored on Hard Disk and can be parsed and s/wcan seek through files, the encrypted content may be used directly inPVR applications because all the framing information is available.

The ES encrypted compressed content can be sent to 3^(rd) party devices,and because the decryption occurs within the codec, the clear compressedcontent is not exposed in memory. The ES encrypted compressed contentcan be parsed to determine appropriate splice points and so it isrelatively simple to splice ES encrypted streams without having todecrypt them.

FIG. 35 presents a schematic block diagram representation of a videoprocessing device in accordance with an embodiment of the presentinvention. A video processing device is presented for processing videodata 498. Like selected embodiments described in conjunction with FIGS.1-34, this video processing device protects the security of data viaencryption when it is stored on a memory device 506 during processing.In particular, memory input/output (I/O) includes encryption anddecryption as part of an atomic operation to receive uncompressed videodata 498 and to generate encoded video data 514.

A key generator 520 generates or otherwise stores and retrieves anencryption key 522 and a decryption key 524. An interface device 500receives the video data 498 in a media format and automatically encryptsthe video data 498 via encryption module 502 into encrypted video data504 based on the encryption key 522 and stores the encrypted video data504 in the memory device 506. A video encoder 510 automatically decryptsthe encrypted video data 504, via decryption module 512 based on thecorresponding decryption key 524 when retrieving the video data from thememory device 506 in conjunction with an encoding of the video signalinto encoded video data 514.

The video data 498 can include digital audio data. In particular, themedia format of the video data 498 can high-definition multimediainterface (HDMI) formatted data, International Telecommunications Unionrecommendation BT.656 formatted data, inter-integrated circuit sound(I2S) formatted data, and/or other digital A/V data formats.

In an embodiment of the present invention, memory device 506 may be asingle memory device or a plurality of memory devices. Such a memorydevice can include a hard disk drive or other disk drive, read-onlymemory, random access memory, volatile memory, non-volatile memory,static memory, dynamic memory, flash memory, cache memory, and/or anydevice that stores digital information. The key generator 520 can beimplemented as part of or separate from the memory device 506.

The interface device 500 and video encoder 510 can be implemented usinga single processing device or a plurality of processing devices. Such aprocessing device may be a microprocessor, co-processors, amicro-controller, digital signal processor, microcomputer, centralprocessing unit, field programmable gate array, programmable logicdevice, state machine, logic circuitry, analog circuitry, digitalcircuitry, and/or any device that manipulates signals (analog and/ordigital) based on operational instructions that are stored in a memory.Note that when the processing device implements one or more of itsfunctions via a state machine, analog circuitry, digital circuitry,and/or logic circuitry, the memory storing the corresponding operationalinstructions may be embedded within, or external to, the circuitrycomprising the state machine, analog circuitry, digital circuitry,and/or logic circuitry.

FIG. 36 presents a schematic block diagram representation of a videoprocessing device in accordance with an embodiment of the presentinvention. A video processing device is presented for processing videodata 528. Like selected embodiments described in conjunction with FIG.35, this video processing device protects the security of data viaencryption when it is stored on a memory device 536 during processing.In particular, memory input/output (I/O) includes encryption anddecryption as part of an atomic operation to receive encoded video data528 and to generate decoded and formatted video data 544.

The video processing device includes a key generator 520 for generatingan encryption key and a corresponding decryption key. A video decoder530 decodes the video data, automatically encrypts the decoded videodata via encryption module 532 into encrypted video data 534 based onthe encryption key 522 and stores the encrypted video data in the memorydevice 536. An interface device 540 automatically decrypts the encryptedvideo data 534 via decryption module 542, based on the correspondingdecryption key 524 when retrieving the encrypted video data 534 from thememory device 536 in conjunction with formatting the video data in amedia format.

The formatted video data 544 can include digital audio data. Inparticular, the media format of the formatted video data 544 canhigh-definition multimedia interface (HDMI) formatted data,International Telecommunications Union recommendation BT.656 formatteddata, inter-integrated circuit sound (I2S) formatted data, and/or otherdigital AN data formats.

In an embodiment of the present invention, memory device 536 may be asingle memory device or a plurality of memory devices. Such a memorydevice can include a hard disk drive or other disk drive, read-onlymemory, random access memory, volatile memory, non-volatile memory,static memory, dynamic memory, flash memory, cache memory, and/or anydevice that stores digital information. The key generator 520 can beimplemented as part of or separate from the memory device 536.

The interface device 540 and video decoder 530 can be implemented usinga single processing device or a plurality of processing devices. Such aprocessing device may be a microprocessor, co-processors, amicro-controller, digital signal processor, microcomputer, centralprocessing unit, field programmable gate array, programmable logicdevice, state machine, logic circuitry, analog circuitry, digitalcircuitry, and/or any device that manipulates signals (analog and/ordigital) based on operational instructions that are stored in a memory.Note that when the processing device implements one or more of itsfunctions via a state machine, analog circuitry, digital circuitry,and/or logic circuitry, the memory storing the corresponding operationalinstructions may be embedded within, or external to, the circuitrycomprising the state machine, analog circuitry, digital circuitry,and/or logic circuitry.

FIG. 37 presents a flowchart representation of a method in accordancewith an embodiment of the present invention. In particular, a method ispresented for use in conjunction with one or more functions and featuresdescribed in conjunction with FIGS. 1-34. In step 600, an encryption keyand a corresponding decryption key are generated. In step 602, the videodata is received in a media format via an interface device. In step 604,the video data are automatically encrypted into encrypted video databased on the encryption key when the unencrypted video data is receivedvia the interface device, and storing the encrypted video data in amemory device. In step 606, the encrypted video data are automaticallydecrypted based on the corresponding decryption key when retrieving thevideo data from the memory device in conjunction with an encoding of thevideo signal by a video encoder.

The video data can include digital audio data. In particular, the mediaformat of the video data can be high-definition multimedia interface(HDMI) formatted data, International Telecommunications Unionrecommendation BT.656 formatted data, inter-integrated circuit sound(I2S) formatted data, and/or other digital A/V data formats.

FIG. 38 presents a flowchart representation of a method in accordancewith an embodiment of the present invention. In particular, a method ispresented for use in conjunction with one or more functions and featuresdescribed in conjunction with FIGS. 1-34. In step 610, an encryption keyand a corresponding decryption key are generated. In step 612, the videodata are decoded via a video decoder. In step 614, the decoded videodata are automatically encrypted into encrypted video data based on theencryption key when the unencrypted video data is decoded via the videodecoder, and the encrypted video data are stored in a memory device. Instep 616, the encrypted video data are automatically decrypted based onthe corresponding decryption key when retrieving the video data from thememory device in conjunction with a formatting of the video signal in amedia format via an interface device.

The formatted video data can include digital audio data. In particular,the media format of the formatted video data can high-definitionmultimedia interface (HDMI) formatted data, InternationalTelecommunications Union recommendation BT.656 formatted data,inter-integrated circuit sound (I2S) formatted data, and/or otherdigital A/V data formats.

As may be used herein, the terms “substantially” and “approximately”provides an industry-accepted tolerance for its corresponding termand/or relativity between items. Such an industry-accepted toleranceranges from less than one percent to fifty percent and corresponds to,but is not limited to, component values, integrated circuit processvariations, temperature variations, rise and fall times, and/or thermalnoise. Such relativity between items ranges from a difference of a fewpercent to magnitude differences. As may also be used herein, theterm(s) “operably coupled to”, “coupled to”, and/or “coupling” includesdirect coupling between items and/or indirect coupling between items viaan intervening item (e.g., an item includes, but is not limited to, acomponent, an element, a circuit, and/or a module) where, for indirectcoupling, the intervening item does not modify the information of asignal but may adjust its current level, voltage level, and/or powerlevel. As may further be used herein, inferred coupling (i.e., where oneelement is coupled to another element by inference) includes direct andindirect coupling between two items in the same manner as “coupled to”.As may even further be used herein, the term “operable to” or “operablycoupled to” indicates that an item includes one or more of powerconnections, input(s), output(s), etc., to perform, when activated, oneor more its corresponding functions and may further include inferredcoupling to one or more other items. As may still further be usedherein, the term “associated with”, includes direct and/or indirectcoupling of separate items and/or one item being embedded within anotheritem. As may be used herein, the term “compares favorably”, indicatesthat a comparison between two or more items, signals, etc., provides adesired relationship. For example, when the desired relationship is thatsignal 1 has a greater magnitude than signal 2, a favorable comparisonmay be achieved when the magnitude of signal 1 is greater than that ofsignal 2 or when the magnitude of signal 2 is less than that of signal1.

As may also be used herein, the terms “processing module”, “processingcircuit”, and/or “processing unit” may be a single processing device ora plurality of processing devices. Such a processing device may be amicroprocessor, micro-controller, digital signal processor,microcomputer, central processing unit, field programmable gate array,programmable logic device, state machine, logic circuitry, analogcircuitry, digital circuitry, and/or any device that manipulates signals(analog and/or digital) based on hard coding of the circuitry and/oroperational instructions. The processing module, module, processingcircuit, and/or processing unit may be, or further include, memoryand/or an integrated memory element, which may be a single memorydevice, a plurality of memory devices, and/or embedded circuitry ofanother processing module, module, processing circuit, and/or processingunit. Such a memory device may be a read-only memory, random accessmemory, volatile memory, non-volatile memory, static memory, dynamicmemory, flash memory, cache memory, and/or any device that storesdigital information. Note that if the processing module, module,processing circuit, and/or processing unit includes more than oneprocessing device, the processing devices may be centrally located(e.g., directly coupled together via a wired and/or wireless busstructure) or may be distributedly located (e.g., cloud computing viaindirect coupling via a local area network and/or a wide area network).Further note that if the processing module, module, processing circuit,and/or processing unit implements one or more of its functions via astate machine, analog circuitry, digital circuitry, and/or logiccircuitry, the memory and/or memory element storing the correspondingoperational instructions may be embedded within, or external to, thecircuitry comprising the state machine, analog circuitry, digitalcircuitry, and/or logic circuitry. Still further note that, the memoryelement may store, and the processing module, module, processingcircuit, and/or processing unit executes, hard coded and/or operationalinstructions corresponding to at least some of the steps and/orfunctions illustrated in one or more of the Figures. Such a memorydevice or memory element can be included in an article of manufacture.

The present invention has been described above with the aid of methodsteps illustrating the performance of specified functions andrelationships thereof. The boundaries and sequence of these functionalbuilding blocks and method steps have been arbitrarily defined hereinfor convenience of description. Alternate boundaries and sequences canbe defined so long as the specified functions and relationships areappropriately performed. Any such alternate boundaries or sequences arethus within the scope and spirit of the claimed invention. Further, theboundaries of these functional building blocks have been arbitrarilydefined for convenience of description. Alternate boundaries could bedefined as long as the certain significant functions are appropriatelyperformed. Similarly, flow diagram blocks may also have been arbitrarilydefined herein to illustrate certain significant functionality. To theextent used, the flow diagram block boundaries and sequence could havebeen defined otherwise and still perform the certain significantfunctionality. Such alternate definitions of both functional buildingblocks and flow diagram blocks and sequences are thus within the scopeand spirit of the claimed invention. One of average skill in the artwill also recognize that the functional building blocks, and otherillustrative blocks, modules and components herein, can be implementedas illustrated or by discrete components, application specificintegrated circuits, processors executing appropriate software and thelike or any combination thereof.

The present invention may have also been described, at least in part, interms of one or more embodiments. An embodiment of the present inventionis used herein to illustrate the present invention, an aspect thereof, afeature thereof, a concept thereof, and/or an example thereof. Aphysical embodiment of an apparatus, an article of manufacture, amachine, and/or of a process that embodies the present invention mayinclude one or more of the aspects, features, concepts, examples, etc.described with reference to one or more of the embodiments discussedherein. Further, from figure to figure, the embodiments may incorporatethe same or similarly named functions, steps, modules, etc. that may usethe same or different reference numbers and, as such, the functions,steps, modules, etc. may be the same or similar functions, steps,modules, etc. or different ones.

Unless specifically stated to the contra, signals to, from, and/orbetween elements in a figure of any of the figures presented herein maybe analog or digital, continuous time or discrete time, and single-endedor differential. For instance, if a signal path is shown as asingle-ended path, it also represents a differential signal path.Similarly, if a signal path is shown as a differential path, it alsorepresents a single-ended signal path. While one or more particulararchitectures are described herein, other architectures can likewise beimplemented that use one or more data buses not expressly shown, directconnectivity between elements, and/or indirect coupling between otherelements as recognized by one of average skill in the art.

The term “module” is used in the description of the various embodimentsof the present invention. A module includes a processing module, afunctional block, hardware, and/or software stored on memory forperforming one or more functions as may be described herein. Note that,if the module is implemented via hardware, the hardware may operateindependently and/or in conjunction software and/or firmware. As usedherein, a module may contain one or more sub-modules, each of which maybe one or more modules.

While particular combinations of various functions and features of thepresent invention have been expressly described herein, othercombinations of these features and functions are likewise possible. Thepresent invention is not limited by the particular examples disclosedherein and expressly incorporates these other combinations.

What is claimed is:
 1. A video processing device for encrypting acompressed video signal from an elementary bit stream, the videoprocessing device comprising: a machine that includes: a key storagedevice for storing at least one encryption key; and an encryptionprocessing device, coupled to the key storage device, that retrieves theat least one encryption key from the key storage device, and thatencrypts the elementary bit stream into at least one partially encryptedelementary bit stream, wherein first portions of the at least onepartially encrypted elementary bit stream are encrypted and secondportions of the at least one partially encrypted elementary bit streamare unencrypted, wherein the encryption processing device applies afirst of a plurality of encryption methods for encrypting the firstportions of a first block size and applies a second of the plurality ofencryption methods for encrypting the first portions of a second blocksize that is less than the first block size.
 2. The video processingdevice of claim 1 wherein the encryption processing device directlyencrypts the at least one elementary stream without encryptingformatting data associated with at least one container format associatedwith the compressed video signal.
 3. The video processing device ofclaim 1 wherein the encryption processing device directly encrypts theat least one elementary stream without encrypting framing dataassociated with the compressed video signal.
 4. The video processingdevice of claim 1 wherein the encryption processing device includes: anelementary stream parser that identifies a first start code sequence anda second start code sequence in the at least one elementary bit streamand further that identifies a group of bits between the first start codesequence and the second start code sequence, wherein the second startcode sequence is the next start code sequence after the first start codesequence in a temporal ordering of the at least one elementary bitstream; a bit stream segmenter, coupled to the elementary stream parser,that segments the first portions into a plurality of blocks including atleast first one block of the first block size and at least one secondblock of a second block size; an encryption module, coupled to the bitstream segmenter, that encrypts the plurality of blocks into at leastone first encrypted block and at least one second encrypted block; and aoutput formatter, coupled to the encryption module, that generates theat least one partially encrypted elementary bit stream from theplurality of encrypted blocks.
 5. The video processing device of claim 4wherein the encryption module tests the at least one first encryptedblock for an occurrence of a false start sequence, and iterativelyencrypts the at least one first block until the at least one firstencrypted block does not contain the false start sequence.
 6. The videoprocessing device of claim 4 wherein the at least one first blockincludes at least one standard block of standard length and the at leastone second block includes a remainder block that is not equal to thestandard length.
 7. The video processing device of claim 1 wherein atleast one elementary bit stream includes an elementary audio bit streamand an elementary video bit stream.
 8. The video processing device ofclaim 1 further comprising: a first interface module, coupled to theencryption processing device, that encapsulates the at least onepartially encrypted elementary bit stream in a container format.
 9. Thevideo processing device of claim 7 further comprising: a secondinterface module, coupled to the encryption processing device, thatreceives the compressed video signal in an encrypted container format,that de-encapsulates and decrypts the compressed video signal to producethe at least one elementary bit stream.
 10. The video processing deviceof claim 1 further comprising: a video encoder, coupled to theencryption processing device, that receives a video signal in anuncompressed format, that encodes the video signal to produce thecompressed video signal.
 11. A method for encrypting a compressed videosignal from an elementary bit stream, the method comprising: storing atleast one encryption key in a key storage device; and executinginstructions via a processor to: retrieve the at least one encryptionkey from the key storage device; and encrypt the elementary bit streaminto at least one partially encrypted elementary bit stream, whereinfirst portions of the at least one partially encrypted elementary bitstream are encrypted and second portions of the at least one partiallyencrypted elementary bit stream are unencrypted, wherein the encryptionprocessing device applies a first of a plurality of encryption methodsfor encrypting the first portions of a first block size and applies asecond of the plurality of encryption methods for encrypting the firstportions of a second block size that is less than the first block size.12. The method of claim 11 wherein encrypting the elementary bit streamincludes directly encrypting the at least one elementary stream withoutencrypting formatting data associated with at least one container formatassociated with the compressed video signal.
 13. The method of claim 11wherein encrypting the elementary bit stream includes directlyencrypting the at least one elementary stream without encrypting framingdata associated with the compressed video signal.
 14. The method ofclaim 11 encrypting the elementary bit stream includes: identifying afirst start code sequence and a second start code sequence in the atleast one elementary bit stream and further that identifies a group ofbits between the first start code sequence and the second start codesequence, wherein the second start code sequence is the next start codesequence after the first start code sequence in a temporal ordering ofthe at least one elementary bit stream; segmenting the first portionsinto a plurality of blocks including at least first one block of thefirst block size and at least one second block of a second block size;encrypting the plurality of blocks into at least one first encryptedblock and at least one second encrypted block; and generating the atleast one partially encrypted elementary bit stream from the pluralityof encrypted blocks.
 15. The method of claim 14 wherein encrypting theelementary bit stream includes: testing the at least one first encryptedblock for an occurrence of a false start sequence; and iterativelyencrypting the at least one first block until the at least one firstencrypted block does not contain the false start sequence.
 16. Themethod of claim 14 wherein the at least one first block includes atleast one standard block of standard length and the at least one secondblock includes a remainder block that is not equal to the standardlength.
 17. The method of claim 11 wherein at least one elementary bitstream includes an elementary audio bit stream and an elementary videobit stream.
 18. The method of claim 11 further comprising: encapsulatingthe at least one partially encrypted elementary bit stream in acontainer format.
 19. The method of claim 17 further comprising:receiving the compressed video signal in an encrypted container format;and de-encapsulating and decrypting the compressed video signal toproduce the at least one elementary bit stream.
 20. The method of claim11 further comprising: receiving a video signal in an uncompressedformat, that encodes the video signal to produce the compressed videosignal.